Gab, a social network popular among Trump supporters and the heir apparent to Parler, has suffered a serious data breach.
On Sunday 28th February, online activist group Distributed Denial of Secrets, revealed it had obtained Gab data from an anti-Trump hacktivist hoping to out users of the right-wing platform.
In total, around 70GB of data was stolen, including up to 40 million public and private posts circulated on the social network. Hashed user passwords and user messages are also believed to be included in the data dump.
In a report first published by Wired, a hacktivist named “JaXpArO” claimed to have discovered an SQL injection bug in Gab’s website. In turn, this allowed them to access and siphon off information from Gab databases.
According to Wired, the hacked data also includes a chatlogs.txt file showcasing private conversations between site users. A note, believed to be from JaXpArO, features.
“FUCK TRUMP. FUCK COLONIZERS & CAPITALISTS. DEATH TO AMERIKKKA,” the note reads.
DDoSecrets revealed it will circulate the leaked data. However, this will be redacted and shared only with journalists and researchers.
Co-founder Emma Best told Wired the leaked information is a vital resource which could help identify individuals and/or groups involved in the storming of the US Capitol Building on 6th January.
“It contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content,” she said.
“It’s another gold mine of research for people looking at militias, neo-Nazis, the far-right, QAnon and everything surrounding January 6,” Best added.
Release: #GabLeaks (70GB) includes public & private posts, user profiles, hashed passwords, DMs, etc, from the far-right social media site Gab. Over 70,000 messages in more than 19,000 chats, by 15,000 users. Limited distribution due to PII: https://t.co/gdsnyupbd1
— Distributed Denial of Secrets (@DDoSecret) March 1, 2021
Founded in 2016, Gab has become the latest haven for the alt-right following Parler’s demise in late January, with huge numbers of conspiracy theorists and white nationalists flocking to the platform.
The rise of both Parler and Gab coincided with Donald Trump’s ban from Twitter and virtually every other major social network.
Many Trump supporters and right-wing commentators criticised the ban as a major blow to ‘free speech’ online and sought refuge on platforms where they were accepted.
Parler’s sudden rise was brought to a halt within a matter of days, however, with the social media site also suffering a major data leak. Amazon Web Services quickly dropped its web hosting, knocking the site offline and consigning it to the scrap heap.
Gift of the Gab
Within the space of a few days, Gab’s response to the data breach has been wrought with inconsistencies and derogatory statements.
Chief Executive Andrew Torba appeared to downplay security worries on Friday 26th, insisting that the company was aware of the vulnerability and that the issue had been resolved.
Two days later, however, the situation escalated. Taking to the social media platform, Torba responded with a bizarre statement which included transphobic insults.
“Mentally ill tranny demon hackers (I’m very serious) are attacking Gab right now. The same people behind this attack targeted law enforcement officers and their family members last summer,” he said.
“The feds are treating them as a criminal hacker organization. We are working with our partners in law enforcement on this issue.”
— Gab.com (@getongab) February 28, 2021
In his statement, Torba claimed Gab has “always been transparent” with the community in regard to security. He also revealed that high-profile accounts may have been compromised in the attack.
“My account and Trump’s account were compromised, of course as Trump is about to go on stage and speak. The entire company is all hands investigating what happened and working to trace and patch the problems,” he said.
- Scottish Apprenticeship Week | Cybersecurity skills at Leidos
- Comment | Misconceptions vs reality on the vital move to digital telecare
- TranSwap launches new global R&D centre at the University of Edinburgh
Other prominent users whose information appears to have been leaked include infamous conspiracy theorist and broadcaster, Alex Jones, as well as Marjorie Taylor Greene, a US congresswoman noted for her backing of QAnon conspiracy theories.
The controversy didn’t end there, however. Overnight, the official Gab Twitter account was embroiled in a spat with cybersecurity researcher Troy Hunt.
— Troy Hunt (@troyhunt) March 2, 2021
In a Twitter thread, Hunt explored the key talking points of the Gab data breach situation and criticised the company for its derogatory comments toward DDoSecrets member Beka Valentine.
Gab responded to Hunt by claiming that “weak, pathetic, and emasculated men” like him are “why the West is failing”.